Описание
DNS Rebinding in etcd
DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other address).
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2018-1099
- https://github.com/coreos/etcd/issues/9353
- https://github.com/coreos/etcd/commit/a7e5790c82039945639798ae9a3289fe787f5e56
- https://bugzilla.redhat.com/show_bug.cgi?id=1552717
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JX7QTIT465BQGRGNCE74RATRQLKT2QE4
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPGYHMSKDPW5GAMI7BEP3XQRVRLLBJKS
Пакеты
go.etcd.io/etcd
< 3.4.0
3.4.0
Связанные уязвимости
DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other address).
DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other address).
DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other address).
DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attack ...